I’m developing a macOS app that uses a proprietary Core ML model, which I need to encrypt. Since Core ML doesn’t support model encryption on macOS, I plan to encrypt the model myself using a symmetric key and decrypt it at runtime. To minimize the possibility of the model being compromised, I’d like to ensure that the decrypted model is only accessible in-memory, not on-disk. So my app will load the encrypted data, decrypt it with CryptoKit, construct an MLModelAsset with the decrypted data, and load that with MLModel.load(MLModelAsset...).
The part I’m stuck on is constructing the MLModelAsset. It only has one initializer method: init(specification: Data), where specification is described as “[t]he contents of a .mlmodel as a data blob.” My model is in the .mlpackage format, which is a macOS package (i.e. a directory, not a blob). Attempting to initialize MLModelAsset with the (unencrypted) .mlmodel file stored inside the .mlpackage (under “Data/com.apple.CoreML/model.mlmodel”) throws an error:
testLoadingPlainTextModel(): failed: caught error: "Error Domain=com.apple.CoreML Code=0 "compiler error: Encountered an error while compiling a neural network model: in operation op_7_to_fp16: Cannot interpret @model_path when ModelPath is unset" UserInfo={NSLocalizedDescription=compiler error: Encountered an error while compiling a neural network model: in operation op_7_to_fp16: Cannot interpret @model_path when ModelPath is unset}"
Since .mlpackage stores the model architecture and the weights in separate files, this isn’t unexpected. But I have no idea how to load the .mlpackage (or the corresponding .mlmodelc) as a blob, since they’re both directories and Data(contentsOf:) throws an error if you try to load them.
(Note: I’m testing all this without any encryption for the time being—neither the .mlpackage nor the .mlmodelc is encrypted in my test project.)
What am I doing wrong? Is there any way to load an .mlpackage or .mlmodelc package as a blob, for instantiating MLModelAsset? Or is there a different/better way to encrypt Core ML models on macOS?
Thanks!
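The decrypt-in-memory flow described in the post, written out as an added Swift example (not code from the post or from Apple). It assumes AES-GCM in CryptoKit's combined form, a key that the app has already obtained at runtime, and a single-file .mlmodel as the plaintext, which is the only input MLModelAsset(specification:) accepts; the .mlpackage case the post asks about is not solved here.

```swift
import Foundation
import CoreML
import CryptoKit

// Hypothetical helper: decrypt an AES-GCM-encrypted model blob in memory and
// hand it to Core ML without writing the plaintext to disk.
// Assumed encrypted layout: CryptoKit's "combined" form
// (12-byte nonce || ciphertext || 16-byte tag).
// `key` is assumed to be provisioned by the app at runtime.
@available(macOS 13.0, *)
func loadEncryptedModel(encryptedURL: URL, key: SymmetricKey) async throws -> MLModel {
    // Read the ciphertext; this is the only file I/O in the whole flow.
    let encrypted = try Data(contentsOf: encryptedURL)

    // Authenticated decryption: a tampered or truncated blob fails here
    // rather than producing garbage that Core ML would then try to compile.
    let box = try AES.GCM.SealedBox(combined: encrypted)
    let plaintext = try AES.GCM.open(box, using: key)

    // `specification` must be the contents of one .mlmodel file (a protobuf
    // blob); an .mlpackage directory cannot be passed here.
    let asset = try MLModelAsset(specification: plaintext)

    let config = MLModelConfiguration()
    return try await MLModel.load(asset: asset, configuration: config)
}

// Constructed build-time step: encrypt the plain .mlmodel once so that only
// the ciphertext ships in the app bundle.
func encryptModelFile(plainURL: URL, to encryptedURL: URL, key: SymmetricKey) throws {
    let plain = try Data(contentsOf: plainURL)
    // seal() picks a fresh 96-bit nonce, so `combined` is always available.
    let box = try AES.GCM.seal(plain, using: key)
    guard let combined = box.combined else {
        fatalError("AES-GCM combined representation requires a 96-bit nonce")
    }
    try combined.write(to: encryptedURL)
}

// Example key generation for the build-time step (store the result outside
// the bundle; the runtime side must be able to recover the same key).
func makeModelKey() -> SymmetricKey {
    SymmetricKey(size: .bits256)
}
```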